The ITSPmagazine Podcast

RSAC 2025 is a wrap. The expo floor is closed, the conversations have ended, and the gear is packed — but the reflections are just beginning. Throughout the week, Sean Martin and Marco Ciappelli had powerful discussions around AI, identity, platform security, partnerships, the evolving legal and VC landscapes, and the growing importance of multi-layered defense strategies. But one moment stood out. While we were recording outside the conference, someone walking by asked us, “Is the world secure now?” Our answer was simple: “We’re working on it.” That exchange captured the spirit of the entire event — security is not a destination, it’s an ongoing effort. We learn, we adapt, and we move forward faster than the future is coming at us. Thank you to everyone who made RSAC 2025 such a meaningful experience. Next stops: AppSec Global in Barcelona, Infosec Europe in London, Black Hat and DEF CON in Las Vegas — and more conversations across the hybrid analog digital society we all share. Until next time, keep building, keep connecting, and keep moving forward. ___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent and Director of Science and Research at CybSafe, joins ITSPmagazine at RSAC 2025 to discuss how people’s attitudes shape their cybersecurity behaviors—at home, at work, and everywhere in between.Drawing from a global survey of over 7,000 individuals, Dr. Nurse presents data that reveals a fundamental challenge: while many individuals recognize the importance of cybersecurity, a significant number also find it intimidating and frustrating. Nearly 43% of participants shared that they feel overwhelmed by security measures, highlighting a persistent disconnect between the intent of security protocols and the lived experience of users.This disconnect manifests in inconsistent behaviors. At home, people may take extra precautions to protect their personal lives and families. At work, however, there’s a tendency to outsource responsibility to the employer. This duality—heightened vigilance in personal spaces and relaxed caution in professional environments—creates vulnerabilities in a world where attackers don’t care where the device or user happens to be.The conversation emphasizes the need to rethink how we approach cybersecurity education, awareness, and design. Dr. Nurse advocates for a “usable security” model—systems that protect users without demanding overly technical knowledge or creating friction. He uses the example of biometrics and seamless phone authentication to show how good design can improve both security and user satisfaction.To illustrate the connection between knowledge, attitude, and behavior, Dr. Nurse brings humor into the mix with a memorable analogy involving Kit Kats. Just as knowing something is delicious can shape our cravings and actions, understanding security in relatable terms can lead to more proactive behaviors.The episode wraps with a candid reflection on trust and novelty in the face of emerging AI systems—like self-driving cars. Dr. Nurse questions whether people truly trust new technologies or if they’re simply seduced by convenience and innovation.This is a conversation about what it really takes to build a security-conscious society—one that understands people as much as it understands threats.Listen to the full episode to hear how mindset, usability, and cultural attitudes are reshaping the human side of cybersecurity.___________Guest: Dr. Jason R.C. Nurse, Associate Professor in Cybersecurity at the University of Kent | https://www.linkedin.com/in/jasonrcnurse/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________Resources Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageCatch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us___________KEYWORDSsean martin, marco ciappelli, jason r c nurse, rsac 2025, cybersecurity, behavior, mindset, usability, ai, trust, event coverage, on location, conference Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

The cybersecurity workforce shortage isn’t a new problem—but according to Jamie Norton, Board Director at ISACA, it’s one that’s getting worse. In this on-location conversation during RSAC Conference 2025, Norton shares how ISACA is not only acknowledging this persistent gap but actively building pathways to close it, especially for early-career professionals.While many know ISACA for its certifications and events, Norton emphasizes that the organization’s mission goes much deeper—supporting digital trust through education, community, and career development. One key area of focus: helping individuals navigate every phase of their professional journey, from new graduates to seasoned leaders. That includes new offerings like the Certified Cyber Operations Analyst (CCOA) credential, designed specifically to meet the growing demand for technical, hands-on skills in security operations roles.What’s driving this shift? Norton points to employer demand for candidates who can walk into SOC and technical analyst roles with practical experience. The CCOA was created based on feedback from ISACA’s 185,000+ global members and a wide network of hiring organizations, all highlighting the same pain point: early-stage roles are difficult to fill, not because people aren’t interested, but because too many can’t prove their skills in ways hiring managers understand.ISACA’s response is both strategic and community-driven. Certification development is rooted in large-scale data analysis and enhanced by input from members around the world, ensuring each program reflects real-world needs. At the same time, ISACA recognizes that certifications alone don’t create confidence. Community and mentorship matter—especially for those struggling with imposter syndrome or breaking into the field from non-traditional backgrounds.Looking ahead, ISACA is investing in career journey tools, AI-focused certifications, and guidance for post-quantum readiness—all while continuing to support members through local chapters and global programs.For those hiring, job-seeking, or guiding others into the field, this episode offers a grounded, forward-looking view into how one organization is equipping the cybersecurity workforce for the work that matters now—and what’s coming next.Learn more about ISACA: https://itspm.ag/isaca-96808Note: This story contains promotional content. Learn more.Guest: Jamie Norton, Director Board of Directors, ISACA | https://www.linkedin.com/in/jamienorton/ResourcesLearn more and catch more stories from ISACA: https://www.itspmagazine.com/directory/isacaLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:jamie norton, sean martin, marco ciappelli, cybersecurity, certifications, workforce, skills, governance, community, careers, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

When it comes to cybersecurity, corporate executives are often the most targeted individuals—but their greatest vulnerabilities may lie beyond the office walls. In this episode recorded live at RSAC Conference 2025, Dr. Chris Pierson, Founder and CEO of BlackCloak, joins hosts Sean Martin and Marco Ciappelli to unpack why digital executive protection is now a business necessity, not a luxury.Dr. Pierson—a former two-time CISO, DHS cybersecurity advisor, and chief privacy officer—explains how BlackCloak addresses a long-ignored problem: the personal digital exposure of high-profile individuals and their families. From compromised home networks and identity theft to impersonation scams powered by deepfake technology, today’s cyber threats easily bypass corporate defenses by exploiting softer targets at home.Digital Protection That Mirrors Physical SecurityJust as companies rely on third-party providers for health insurance or physical executive protection, Dr. Pierson advocates for a dedicated, privacy-conscious solution for securing personal digital lives. BlackCloak functions as a concierge-style service, guiding individuals through essential steps like securing high-risk accounts, managing privacy settings, shrinking their attack surface, and implementing a modern, multifactor verification system to prevent impersonation attacks.A Framework for ActionAt RSAC, Dr. Pierson unveiled BlackCloak’s Digital Executive Protection Framework—a practical tool that includes 14 tenets and over 100 specific actions to assess and improve personal digital security maturity. The goal: help organizations prioritize what matters most. Instead of trying to secure every account or device equally, the framework focuses attention on high-value targets like banking credentials, communication platforms, and personal data exposed via data brokers.From Deepfakes to Real-World ConsequencesPierson also highlights the alarming growth of AI-powered impersonation attacks. With 42% of surveyed CISOs reporting executive-targeted deepfake incidents, and financial losses climbing, companies must think differently. It’s not just about technology—it’s about trust, relationships, and verification at every level of communication.This episode sheds light on how executive protection is evolving—and why your organization should consider extending its security strategy beyond the boardroom. To see how BlackCloak is redefining protection for the C-suite and their families, listen to the full episode.Learn more about BlackCloak: https://itspm.ag/itspbcwebNote: This story contains promotional content. Learn more.Guest: Chris Pierson, Founder & CEO, BlackCloak | https://www.linkedin.com/in/drchristopherpierson/ ResourcesLearn more and catch more stories from BlackCloak: https://www.itspmagazine.com/directory/blackcloakLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, marco ciappelli, chris pierson, cybersecurity, privacy, deepfakes, identity, executives, framework, protection, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this closing update for the day from the RSAC conference show floor, Sean Martin and Marco Ciappelli reflect on the energy, conversations, and technology shaping cybersecurity today—and what’s coming next. With dozens of interviews under their belts, the duo shares what’s standing out across sessions and show-floor discussions.Resilience has become a key destination, with innovation—especially around AI and quantum technologies—paving the way forward. Conversations touch on how security leaders are adjusting to new threat models, merging traditional disciplines like AppSec and DevSecOps with emerging areas such as vibe coding and container security. There’s a clear sense that the dialogue has shifted: zero trust isn’t just a topic; it’s embedded across many conversations. AI is no longer speculative—it’s embedded in discussions about GRC, automation, and security architecture.Sean brings a technical and operational lens, while Marco plans to explore the societal implications in future conversations—something noticeably less discussed this year, but still deeply relevant. With more content being edited and released over the next few days, the team invites listeners to stay tuned for articles, panels, and post-conference reflections.From San Francisco to London, Vegas, and maybe even Australia—this conversation is just getting started.___________Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSsean martin, marco ciappelli, rsac 2025, quantum, ai, grc, devsecops, zero trust, appsec, resilience, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

In this On Location Brand Story episode, Sean Martin speaks with Hugh Njemanze, President and Founder at Anomali, who has been at the center of cybersecurity operations since the early days of SIEM. Known for his prior work at ArcSight and now leading Anomali, Hugh shares what’s driving a dramatic shift in how security teams access, analyze, and act on data.Anomali’s latest offering—a native cloud-based next-generation SIEM—goes beyond traditional detection. It combines high-performance threat intelligence with agentic AI to deliver answers and take action in ways that legacy platforms simply cannot. Rather than querying data manually or relying on slow pipelines, the system dynamically spins up thousands of cloud resources to answer complex security questions in seconds.Agentic AI Meets Threat IntelligenceHugh walks through how agentic AI, purpose-built for security, breaks new ground. Unlike general-purpose models, Anomali’s AI operates within a secure, bounded dataset tailored to the customer’s environment. It can ingest a hundred-page threat briefing, extract references to actors and tactics, map those to the MITRE ATT&CK framework, and assess the organization’s specific exposure—all in moments. Then it goes a step further: evaluating past events, checking defenses, and recommending mitigations. This isn’t just contextual awareness—it’s operational intelligence at speed and scale.Making Security More Human-CentricOne clear theme emerges: the democratization of security tools. With Anomali’s design, teams no longer need to rely on a few highly trained specialists. Broader teams can engage directly with the platform, reducing burnout and turnover, and increasing organizational resilience. Managers and security leaders now shift focus to prioritization, strategic decision-making, and meaningful business conversations—like aligning defenses to M&A activity or reporting to the board with clarity on risk.Real-World Results and Risk InsightsCustomers are already seeing measurable benefits: an 88% reduction in incidents and an increase in team-wide tool adoption. Anomali’s system doesn’t just detect—it correlates attack surface data with threat activity to highlight what’s both vulnerable and actively targeted. This enables targeted response, cost-effective scaling, and better use of resources.Learn more about Anomali: https://itspm.ag/anomali-bdz393Note: This story contains promotional content. Learn more.Guest: Hugh Njemanze, President and Founder at Anomali | https://www.linkedin.com/in/hugh-njemanze-603721/ResourcesLearn more and catch more stories from Anomali: https://www.itspmagazine.com/directory/anomaliLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, hugh njemanze, siem, cybersecurity, ai, threat intelligence, agentic ai, risk management, soc, cloud security, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At RSAC Conference 2025 in San Francisco, the message is clear: cybersecurity must be a shared endeavor—across nations, disciplines, and sectors. In this episode, Marco Ciappelli and Sean Martin welcome two distinguished voices from Italy who are helping shape this collective path forward: Luigi Martino, Director of the Center for Cybersecurity and International Relations Studies at the University of Florence, and Luca Tagliaretti, Executive Director of the European Cybersecurity Competence Centre (ECCC).Cybersecurity as a Multinational, Multidimensional EffortLuigi Martino, who also holds roles at the University of Bologna and Khalifa University in Abu Dhabi, underscores the growing global awareness that cybersecurity is no longer a niche concern—it’s embedded in everything, from space to artificial intelligence. He emphasizes that cyber cannot be treated in isolation and must be considered alongside advancements in quantum technologies, AI, and the systems that govern our modern society.For Luca Tagliaretti, leading the EU’s newly autonomous cybersecurity body, this interconnected view plays out through policy and community-building. The ECCC’s role spans everything from shaping long-term cybersecurity strategies across Europe to investing in innovation and skilling up the current workforce. He describes this as a community-first mission—building cohesion not just across EU member states, but eventually through global alignment.Regulation: Guardrail or Roadblock?A major theme discussed is the role of regulation in fostering or hindering innovation. Both guests agree that thoughtful regulation—especially in AI—is not the enemy of progress. Rather, it can be a mechanism for building trust, ensuring ethical use, and creating market conditions where all players, not just the biggest, can thrive. Bureaucracy, not regulation itself, is called out as the more significant challenge—particularly when public institutions aren’t equipped to implement modern governance.What They’re Taking Home from RSACAsked what they’ll bring back from the conference, Luca points to the “sense of unity”—the opportunity to build on shared knowledge and collaborate across borders. Luigi highlights the spirit of open innovation and trust that defines the RSAC community: a willingness to share, experiment, and move forward together.Both perspectives offer a powerful reminder—cybersecurity isn’t just about defending systems, it’s about building connections.___________Guest:s Luigi Martino, Principal Research Scientist at Khalifa University and Head at the Center for Cyber Security and International Relations Studies | https://www.linkedin.com/in/luigi-martino-07515364/Luca Tagliaretti, Executive Director at ECCC | https://www.linkedin.com/in/luca-tagliaretti-564a703/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage___________KEYWORDSmarco ciappelli, sean martin, luigi martino, luca tagliaretti, rsac 2025, cybersecurity, regulation, ai, quantum, collaboration, event coverage, on location, conference___________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Storage often sits in the background of cybersecurity conversations—but not at Infinidat. In this episode, Eric Herzog, Chief Marketing Officer of Infinidat, joins Sean Martin to challenge the notion that storage is simply infrastructure. With decades of experience at IBM and EMC before joining Infinidat, Herzog explains why storage needs to be both operationally efficient and cyber-aware.Cyber Resilience, Not Just StorageAccording to Herzog, today’s enterprise buyers—especially those in the Global Fortune 2000—aren’t just asking how to store data. They’re asking how to protect it when things go wrong. That’s why Infinidat integrates automated cyber protection directly into its storage platforms, working with tools like Splunk, Microsoft Sentinel, and IBM QRadar. The goal: remove the silos between infrastructure and cybersecurity teams and eliminate the need for manual intervention during an attack or compromise.Built-In Defense and Blazing-Fast RecoveryThe integration isn’t cosmetic. Infinidat offers immutable snapshots, forensic environments, and logical air gaps as part of its storage operating system—no additional hardware or third-party tools required. When a threat is detected, the system can automatically trigger actions and even guarantee data recovery in under one minute for primary storage and under 20 minutes for backups—regardless of the dataset size. And yes, those guarantees are provided in writing.Real-World Scenarios, Real Business OutcomesHerzog shares examples from finance, healthcare, and manufacturing customers—one of which performs immutable snapshots every 15 minutes and scans data twice a week to proactively detect threats. Another customer reduced from 288 all-flash storage floor tiles to just 61 with Infinidat, freeing up 11 storage admins to address other business needs—not to cut staff, but to solve the IT skills shortage in more strategic ways.Simplified Operations, Smarter SecurityThe message is clear: storage can’t be an afterthought in enterprise cybersecurity strategies. Infinidat is proving that security features need to be embedded, not bolted on—and that automation, integration, and performance can all coexist. For organizations juggling compliance requirements, sprawling infrastructure, and lean security teams, this approach delivers both peace of mind and measurable business value.Learn more about Infinidat: https://itspm.ag/infini3o5dNote: This story contains promotional content. Learn more.Guest: Eric Herzog, Chief Marketing Officer, Infinidat | https://www.linkedin.com/in/erherzog/ResourcesLearn more and catch more stories from Infinidat: https://www.itspmagazine.com/directory/infinidatLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, eric herzog, storage, cybersecurity, automation, resilience, ransomware, recovery, enterprise, soc, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Helen Oakley, Senior Director of Product Security at SAP, and Dmitry Raidman, Co-founder and CTO of Cybeats, joined us live at the RSAC Conference to bring clarity to one of the most urgent topics in cybersecurity: transparency in the software and AI supply chain. Their message is direct—organizations not only need to understand what’s in their software, they need to understand the origin, integrity, and impact of those components, especially as artificial intelligence becomes more deeply integrated into business operations.SBOMs Are Not Optional AnymoreSoftware Bills of Materials (SBOMs) have long been a recommended best practice, but they’re now reaching a point of necessity. As Dmitry noted, organizations are increasingly requiring SBOMs before making purchase decisions—“If you’re not going to give me an SBOM, I’m not going to buy your product.” With regulatory pressure mounting through frameworks like the EU Cyber Resilience Act (CRA), the demand for transparency is being driven not just by compliance, but by real operational value. Companies adopting SBOMs are seeing tangible returns—saving hundreds of hours on risk analysis and response, while also improving internal visibility.Bringing AI into the SBOM FoldBut what happens when the software includes AI models, data pipelines, and autonomous agents? Helen and Dmitry are leading a community-driven initiative to create AI-specific SBOMs—referred to as AI SBOMs or AISBOMs—to capture critical metadata beyond just the code. This includes model architectures, training data, energy consumption, and more. These elements are vital for risk management, especially when organizations may be unknowingly deploying models with embedded vulnerabilities or opaque dependencies.A Tool for the Community, Built by the CommunityIn an important milestone for the industry, Helen and Dmitry also introduced the first open source tool capable of generating CycloneDX-formatted AISBOMs for models hosted on Hugging Face. This practical step bridges the gap between standards and implementation—helping organizations move from theoretical compliance to actionable insight. The community’s response has been overwhelmingly positive, signaling a clear demand for tools that turn complexity into clarity.Why Security Leaders Should Pay AttentionThe real value of an SBOM—whether for software or AI—is not just external compliance. It’s about knowing what you have, recognizing your crown jewels, and understanding where your risks lie. As AI compounds existing vulnerabilities and introduces new ones, starting with transparency is no longer a suggestion—it’s a strategic necessity.Want to see how this all fits together? Hear it directly from Helen and Dmitry in this episode.___________Guests: Helen Oakley, Senior Director of Product Security at SAP | https://www.linkedin.com/in/helen-oakley/Dmitry Raidman, Co-founder and CTO of Cybeats | https://www.linkedin.com/in/draidman/Hosts:Sean Martin, Co-Founder at ITSPmagazine | Website: https://www.seanmartin.comMarco Ciappelli, Co-Founder at ITSPmagazine | Website: https://www.marcociappelli.com___________Episode SponsorsThreatLocker: https://itspm.ag/threatlocker-r974Akamai: https://itspm.ag/akamailbwcBlackCloak: https://itspm.ag/itspbcwebSandboxAQ: https://itspm.ag/sandboxaq-j2enArcher: https://itspm.ag/rsaarchwebDropzone AI: https://itspm.ag/dropzoneai-641ISACA: https://itspm.ag/isaca-96808ObjectFirst: https://itspm.ag/object-first-2gjlEdera: https://itspm.ag/edera-434868___________ResourcesLinkedIn Post with Links: https://www.linkedin.com/posts/helen-oakley_ai-sbom-aisbom-activity-7323123172852015106-TJeaAn open letter to third-party suppliers: https://www.jpmorgan.com/technology/technology-blog/open-letter-to-our-suppliersLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsa-conference-usa-2025-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage______________________KEYWORDShelen oakley, dmitry raidman, sean martin, rsac 2025, sbom, aisbom, ai security, software supply chain, transparency, open source, event coverage, on location, conference______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

At RSAC Conference 2025, Sean Martin catches up with Brian Dye, CEO of Corelight, to explore a recurring truth in cybersecurity: attackers adapt, and defenders must follow suit. In this episode, Dye lays out why traditional perimeter defenses and endpoint controls alone are no longer sufficient—and why it’s time for security teams to look back toward the network for answers.Beyond the Perimeter: Visibility as a Force MultiplierAccording to Dye, many organizations are still relying on security architectures that were top-of-the-line a decade ago. But attackers have already moved on. They’re bypassing endpoint detection and response (EDR) tools, exploiting unmanaged devices, IoT, and edge vulnerabilities. What’s left exposed is the network itself—and that’s where Corelight positions itself: providing what Dye calls “ground truth” through network-based visibility.Rather than rearchitecting environments or pushing intrusive solutions, Corelight integrates passively through out-of-line methods like packet brokers or traffic mirroring. The goal? Rich, contextual, retrospective visibility—without disrupting the network. This capability has proven essential for responding to advanced threats, including lateral movement and ransomware campaigns where knowing exactly what happened and when can mean the difference between paying a ransom or proving there’s no real damage.Three Layers of Network InsightDye outlines a layered approach to detection:1. Baseline Network Activity – High-fidelity summaries of what’s happening.2. Raw Detections – Behavioral rules, signatures, and machine learning.3. Anomaly Detection – Identifying “new and unusual” activity with clustering math that filters out noise and highlights what truly matters.This model supports teams who need to correlate signals across endpoints, identities, and cloud environments—especially as AI-driven operations expand the attack surface with non-human behavior patterns.The Metrics That MatterDye points to three critical success metrics for teams:• Visibility coverage over time.• MITRE ATT&CK coverage, especially around lateral movement.• The percentage of unresolved cases—those embarrassing unknowns that drain time and confidence.As Dye shares, organizations that prioritize network-level visibility not only reduce uncertainty, but also strengthen every other layer of their detection and response strategy.Learn more about Corelight: https://itspm.ag/coreligh-954270Note: This story contains promotional content. Learn more.Guest: Brian Dye, Chief Executive Officer, Corelight | https://www.linkedin.com/in/brdye/ResourcesLearn more and catch more stories from Corelight: https://www.itspmagazine.com/directory/corelightLearn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25______________________Keywords:sean martin, brian dye, network, visibility, ransomware, detection, cybersecurity, soc, anomalies, baselining, brand story, brand marketing, marketing podcast, brand story podcast______________________Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverageWant to tell your Brand Story Briefing as part of our event coverage? Learn More 👉 https://itspm.ag/evtcovbrfWant Sean and Marco to be part of your event or conference? Let Us Know 👉 https://www.itspmagazine.com/contact-us Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.